It's an insanely great open source monitoring system used at many places.

It was formerly known as Netsaint until the author ran into some legal naming issues involving an unrelated company, so he changed the name to Nagios and kept moving ahead.

It doesn't have some of the more advanced features of more expensive monitoring software, but it's fairly well-rounded, easily extended, and has a smaller learning curve than for most monitoring software. And, hey, you can't beat the price!

You may have an entry in /etc/portage/package.use that says 'net-analyzer/nagios-core mysql' and 'net-analyzer/nagios-plugins mysql' in it.

You may choose to use PostgreSQL instead of MySQL, but I will only document what it takes to integrate Nagios with MySQL. Most of the steps are probably identical for PostgreSQL with a few minor changes, I'd imagine.

The database is used to store polled data about hosts and services.

This will install the various Nagios-related ebuilds:

Code:

# emerge nagios

Now you need to set up your configuration files -- this assumes it is a first time install of Nagios:

You will have to remove any hosts, services, or service groups that you aren't planning on using, or to comment them out, or Nagios will complain about them when it starts up.

You can leave the 'define command' stanzas in checkcommands.cfg alone, though.

Most of the defaults in various configuration files are already sane, so uncomment them.

Don't worry about resources.cfg right now. We'll come back to it later.

Also ignore the database-specific portion of cgi.cfg (at the end) but do work on most of that config file.

Alter any options to your liking -- for instance, I changed the notifications from workhours to 24x7, and enabled my nagios admin account for getting full viewing/modifying access.

It's trivial to add an entry for ssh (nagios-plugins ebuild already comes with check_ssh) in checkcommands.cfg, if you like.

My suggestion for the first-time Nagios admin is to start out very, very small with services and hosts. Suggestion: 1 service (ping), 1 host (same machine), no host groups. You can always add in all the hosts/services you want later, once all this is fully working.

So I defined a service in services.cfg that calls check_ping for the same machine the Nagios server runs on, and defined the host information in hosts.cfg. That's the most basic setup you can have for services/hosts.

How to configure Apache:

Nagios also requires a web server -- I chose apache2.

If you haven't installed apache 2.0, then:

Code:

# emerge apache

To enable Nagios in Apache 2:

Code:

# vi /etc/conf.d/apache2

And change APACHE2_OPTS to include -D NAGIOS

You need to create at least one Nagios user that will have access to the web site. This assumes you have not created the file previously:

Code:

# htpasswd2 -c /etc/nagios/htpasswd.users nagadm

(and enter the desired password when prompted above.)

If you want to add more users, do not use the '-c' flag to htpasswd2. -c means create, which will overwrite if the file already exists.

The password for the root account is NOT the same as what you will use for Nagios! Do NOT use the same password for both! Also, do NOT use the same root password for /etc/shadow as the same root password for the DB user named 'root'!

MySQL will run on port 3306, but will bind to 127.0.0.1 by default (according to /etc/mysql/my.cnf) for security reasons. This is fine, since Nagios runs on the same machine in my single-machine setup.

If your Nagios and MySQL setups are on separate machines, then you will obviously need to adjust your configs to point to the right place and also apply some sort of security filtering (e.g. iptables, router ACLs, etc) as a final layer of protection. YOU DO NOT WANT TO GET HACKED!

But if you run MySQL and Nagios on the same machine, then you have no need to adjust anything else.

Create the Nagios database itself -- it will be devoid of tables; we'll get to that shortly:

Code:

# mysqladmin -u root -p create nagios

(We do not need to name it nagios. You could call it icecream if you wanted, as long as all the config files and grant SQL statements matched the chosen database name. But since I'm boring, we'll use nagios as the database name for Nagios. )

Having created the Nagios DB, we now need to create the various tables in it:

1) Invent a DB username and password for the Nagios stuff to dump info in the DB
2) Invent a different DB username and password for the Nagios *CGIs* to read information from the DB

The user/pass for #1 and #2 should be different, especially since they have different needs, access, and privileges.

Pick any username/password you like -- it will reside only in the DB, and not in /etc/passwd on your machine.

For #1, I chose nagios-db. For #2, I chose nagios-cgi.

We will now create these users in the DB with 'vi mknagios-sql.sh':

Code:

#!/bin/sh

# Name: mknagios-sql.sh
#
# Purpose: This file will ask the user for the Nagios DB user/pass and
# for the Nagios CGI user/pass, then generate a file with the SQL
# statements required to set up access for both users.
#
# How to run: This script takes no input arguments; it prompts for the info.
#
# Note: This assumes Nagios and MySQL will be running on the same
# server. If this assumption is false, then modify nagios_host variable to
# match the FQDN hostname of the Nagios server.
#
# License: Public domain with no redistribution or modification limitations.

# If the output file already exists from a previous run, be nice and
# move it out of the way instead of nuking it.
mv -f ${outfile} ${outfile}.old >/dev/null 2>&1

# Inform the user they may accept default usernames but MUST enter a password
echo "Note: you may press enter for the username choices if you accept the"
echo "suggested default names."
echo
echo "You MUST enter a password, and the passwords echo SHOULD be different."
echo

You may use /tmp/mknagios.sql for the next step of Nagios+MySQL installation.

Some comments about the script's generated SQL statements:

FLUSH PRIVILEGES is to make MySQL apply the GRANTs immediately. Saves us from having to restart MySQL!

Also, note that the access specifies it will be done via localhost, which is what we want if we're running Nagios and MySQL on the same machine. If this is not the case, then change localhost to whatever hostname or IP the SQL stuff from Nagios will come from.

Why do we not do the GRANT select ON nagios.* TO 'nagios-cgi'? Because the CGI only needs select access on certain tables. Likewise for the nagios-db user. So to remain secure, we spend a little more time and effort to specify the full table name instead of wildcarding it.

The GRANT lock tables SQL statement is specific to MySQL with a BerkDB database. It is needed by nagios-db to briefly lock the db from changes long enough to insert new data then unlock. That way, the CGI won't get partial data during a query.

This is required because MySQL doesn't have transactional processing with BerkDB databases, though it does support transactions with an InnoDB database. Long story made short: the default MySQL ebuild will use a BerkDB database by default.

If you are using PostgreSQL, the GRANT lock tables stuff may or may not apply.

Now we will actually execute these SQL statements by:

Code:

# mysql -u root -p
mysql> source /tmp/mknagios.sql

It should output a bunch of lines saying 'QUERY OK, 0 rows affected'. If it didn't, then you likely have a problem somewhere... especially if it complains of a SQL syntax error. If any problems pops up, fix them before proceeding further.

Let's go back to a key Nagios config file now:

Code:

# vi /etc/nagios/resource.cfg

Basically, uncomment everything.

I'm not sure if you need $USER3$ and $USER4$, so can probably leave these commented out. I haven't seen any issues from leaving them commented out, and I see no references to $USER3$ or $USER4$ in any of the Nagios config files, so I think we're safe leaving these two lines commented out.

Change all *_host references to point to localhost (unless the SQL server is on a separate machine or IP).

Change all *_database to nagios (unless you used a different database name in the CREATE and GRANT stuff from earlier).

Change all *_username to nagios-db

Change all *_password to the password chosen for nagios-db

Now, edit one more file:

Code:

# vi /etc/nagios/cgi.cfg

Do similar changes for the *_host/*_port/*_database/*_username like you did with resource.cfg.

Only, this time, use nagios-cgi as the username and whatever password you chose for the nagios-cgi user.

nagios-db and nagios-cgi SHOULD NOT have the same password!

Getting ready to start up everything:

Start the web server:

Code:

# /etc/init.d/apache2 start

Since we installed Nagios with MySQL support, I would suggest modifying the init startup script to ensure it will start the database before starting Nagios.

Code:

# vi /etc/init.d/nagios

...and change depend() to read:

Code:

depend() {
need net mysql
use dns logger
after mysql
}

There is a small chance you would need to add a 'sleep 2' statement to the beginning of the start() function if your MySQL database doesn't fully initialize quickly enough before Nagios runs. You probably don't want to add this unless you notice problems with Nagios starting and trying to do stuff before the database has fully loaded.

One last thing before starting Nagios... let's check the configs for sanity:

Code:

# /usr/nagios/bin/nagios -v /etc/nagios/nagios.cfg

It MUST have 0 errors, and SHOULD have 0 warnings.

I would strongly recommend you edit the config files in /etc/nagios if necessary until you have both 0 errors and 0 warnings.

-v is the mode where Nagios only checks the configs for sanity. It does not start up when -v is specified.

And now, the grand finale:

Code:

# /etc/init.d/nagios start

It should automatically start MySQL if it isn't already running, and then start Nagios.

Click on any of the links along the left side to check them out, though I'm particularly fond of the 'Service Detail' link. (It may take a minute or two for the very first Nagios run to poll data.)

Clicking on various links should prompt you for an user/pass to enter; enter nagadm and whatever password you created with htpasswd2 before.

I made up 'nagadm', but it could be any username you wanted -- 'foobar' is fine, as long as it's in the nagios group list in htpasswd.group and has an encrypted password in htpasswd.users.

Once you have entered an username/password that is valid at the browser's auth dialog box (when prompted), you won't need to enter it again for a while.

If you want Nagios/MySQL to start at boot time, permanently:

Code:

# rc-update add nagios default

(No need to do a rc-update for MySQL since Nagios will start it if necessary.)

You probably also want to make sure your web server starts at boot time:

Code:

# rc-update add apache2 default

It is not required to have a web server running to enjoy some of Nagios' benefits since Nagios will, on its own, send email/pages and execute actions. But without a web server running, it's hard to keep a close eye on things. So I highly recommend running a web server.

(You will need to 'emerge gentoolkit' to get qpkg if you haven't already done that. HIGHLY recommended.)

Useful log files to look at would be:

/var/log/mysql/mysql.log
/var/nagios/nagios.log

mysql.log will only exist if you temporarily enable SQL query logging by uncommenting the 'log = /var/log/mysql/mysql.log' line in /etc/mysql/my.cnf, and then doing '/etc/init.d/mysql restart'.

You REALLY SHOULD disable SQL query logging (and then restart mysql) as soon as the problem is resolved because it can grow in size fast and eat a lot of disk I/O, slowing down overall system performance. (For a single user workstation, no big deal. Could be more of an issue on a really busy large production server.)

You probably only need to enable SQL query logging if you're getting SQL access errors in the Nagios logs and don't have enough detail to see what user the CGI is logging in to MySQL as, what the queries are, which tables, etc.

Last edited by dsf on Thu Dec 09, 2004 6:00 am; edited 7 times in total

Hey thanks ! Solar has a very nice eggdrop plugin for nagios that may be of interest. I think it's in his devspace. I've been meaning to use nagios for some time but alas a tutor is everyone's best learning aid _________________Compiling Gentoo since version 1.4
Thousands of Gentoo Installs Completed
Emerged on every continent but Antarctica
Compile long and Prosper!

Having created the Nagios DB, we now need to create the various tables in it by:

Code:
# /usr/nagios/contrib/database/create_mysql

That file is not an executable script. How do I use it? I tried sourcing it from within the mysql interface, but it errored._________________"Blessed is he who finds happiness in his own foolishness, for he will always be happy".

In the main configuration file (/etc/nagios/nagios.cfg), I have the line :

Code:

status_file=/var/nagios/status.log

Ahhh! I see what you mean. What you describe is okay to have, because the comment above that line in nagios.cfg says:

Code:

# STATUS FILE
# This is where the current status of all monitored services and
# hosts is stored. Its contents are read and processed by the CGIs.
# The contentsof the status file are deleted every time Nagios
# restarts.

So deletion at startup time is normal, and I think the CGIs reads the status data from the MySQL database instead of from that flat file.

For example, the MySQL database has these status databases: programstatus, hoststatus, and servicestatus.

My guess is that if you had run Nagios without MySQL or PostgreSQL database support, then Nagios would write data to that file instead of inserting data in the database and CGIs would read from that file.

But because we use MySQL, Nagios writes status information to the MySQL database, and CGIs query the database for that stored information instead of from a flat file.

So I think that what you noticed is actually not a problem. I'm not a big expert on Nagios' inner workings, but that is my hypothesis.

I'm finally getting nagios configured the way I want it, but can't seem to get the icons and background image working for the status map. In the meantime, while I'm trying to figure that out, anyone know where I can get a good gentoo icon to use for my gentoo hosts in the status map?

I'm finally getting nagios configured the way I want it, but can't seem to get the icons and background image working for the status map. In the meantime, while I'm trying to figure that out, anyone know where I can get a good gentoo icon to use for my gentoo hosts in the status map?

(substitute 'myhostname' for whatever host is listed in /etc/nagios/hosts.cfg -- i.e., which host you want to have the Gentoo logo.)

Put the files in /usr/nagios/share/images/logos/ and make sure that httpd can read them.

I have only one issue with this image... it's displayed off-center. I'm not sure if you need to adjust x_2d and y_2d in the SQL table or not. I tried setting both to 0 (0,0 = origin at upper left corner) but didn't seem to help. Not sure if problem is due to image size or positioning.

Also, someone suggested that you make the image transparent before converting it into a GD2 image. For example:

Man, this is like doing a medecine degree so you can put a plaster on.

Anything simpler? I find Nagios utterly complicated with a complex syntax, completely unintuitive. Gee, with all the CMS out there, it astound me to find a web apps that must be configured thrue config files.

I'm giving up on Nagios, until they make it simpler to setup and maintain._________________(7 of 9) Installing star-trek/species-8.4.7.2::talax.

Great job on the walkthrough. I've got Nagios running fine with one exception. I keep seeing: "Warning: Monitoring process may not be running!". Being an idiot, I cant figure out how to fix this. Any ideas?

Thanks!

===EDIT===

Ok, I did some more poking around and found that nothing is ever being written to /var/nagios/status.log
I checked nagios.cfg and this is the file that is specified there so now I'm really stumped. Anyone have any idea why the file just isnt being written? everything else on Nagios is working so why not this?

It appears as though you do not have permission to view the configuration information you requested...

If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.

It appears I have this error too, nothing else appears wrong and the sanity check works without any errors. I checked my user names but I see no problems. I will continue to poke around myself, but if anyone has some tidbits of wisdom I would be happy to check them out. Thanks.

PS...I have disabled CGI authentication for now (in cgi.cfg) and all works well. Now only to figure out where I screwed it up.

OK, One more edit on my part...
I think I may have missed something in the cgi.cfg obviously. When following the instructions on the how to, I only uncommented the stuff below 'DG EXTENDED DATA' section. Perhaps I missed something along the way, is there any other options that should have the comment removed?_________________Drinking from the fountain of knowldege.
Sometimes sipping.
Sometimes gulping.
Always thirsting.

Nagios is running since all the item and probes are displayed on the board... Process Status Information
What should it display there ?
what's wrong in my configuration ?
i don't understand since everything works great but i though there are maybe the lack of some functionality dues to this error...

search the cgi.cfg, there is a section that mentions something about getting the monitoring process error. I saw it when I was looking through it for my problem. Dont know if it will help you, but I did see something._________________Drinking from the fountain of knowldege.
Sometimes sipping.
Sometimes gulping.
Always thirsting.